The Seven Sins:Security Smells in Infrastructure as Code Scripts

This repository includes the dataset and source code used in the paper 'The Seven Sins: Security Smells in Infrastructure as Code Scripts', accepted at the International Conference on Software Engineering (ICSE) 2019. The tool is also available as a Docker image at: https://cloud.docker.com/repository/docker/akondrahman/ruby_for_sp/general <br><br>Practitioners use infrastructure as code (IaC) scripts to provision servers and development environments. While developing IaC scripts, practitioners may inadvertently introduce security smells. Security smells are recurring coding patterns that are indicative of security weakness and can potentially lead to security breaches. The goal of sharing the research artifact is to help software practitioners and researchers use our static analysis tool Security Linter for Infrastructure as Code (SLIC) to identify security smells in infrastructure as code scripts. We provide a Docker-based research artifact to use and replicate the major findings presented in the paper. Link of the paper: https://akondrahman.github.io/papers/icse19_slic.pdf<br>